File: fapi-export-key.sh

tpm2-tools 5.7-1

# Abort on the first failing command: every unguarded tss2 call below is
# therefore an assertion that the tool succeeded.
set -e
# start_up, setup_fapi, shut_down and TEMP_DIR are not defined in this file;
# presumably helpers.sh provides them.
source helpers.sh

start_up

# Crypto profile name handed to setup_fapi.
CRYPTO_PROFILE="RSA"
setup_fapi "${CRYPTO_PROFILE}"

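# Tear-down handler installed on EXIT: delete everything below the FAPI root
# path, then call shut_down (not defined in this file; presumably the
# counterpart of start_up).
# Returns: the status of `tss2 delete`, so a failed delete still makes the
#          test exit non-zero.
function cleanup {
    local delete_status=0

    # Record the status instead of letting `set -e` end the trap right here;
    # otherwise a failed delete would skip shut_down and leave the test
    # environment running.
    tss2 delete --path=/ || delete_status=$?
    shut_down
    return "$delete_status"
}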

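# Run cleanup on every exit path, including aborts triggered by `set -e`.
trap cleanup EXIT

# FAPI object paths and scratch files used by this test.
KEY_PATH="HS/SRK/myRSADecrypt"
KEY_PATH_PARENT="HS/SRK/myParent"
# TEMP_DIR is not assigned in this file; presumably helpers.sh sets it and
# setup_fapi places pol_duplicate.json there (confirm against helpers.sh).
JSON_POLICY="$TEMP_DIR/pol_duplicate.json"
DUPLICATE_POLICY="policy/duplicate-policy"
EXPORTED_KEY="$TEMP_DIR/exportedKey"
EXPORTED_PARENT_KEY="$TEMP_DIR/exportedParentKey"
LOADED_KEY="myNewParent"

tss2 provision

# Store the JSON duplication policy under the policy path that the exportable
# key created further down refers to.
tss2 import --path="$DUPLICATE_POLICY" --importData="$JSON_POLICY"

# Negative tests. Each expect script spawns tss2 with a required option
# missing or unusable and inspects the list returned by Tcl `wait`: element 2
# flags an operating-system error, element 3 carries the exit status. The
# script prints a diagnostic with send_user and exits 1 unless the spawned
# command ended with status 1; under `set -e` that aborts the whole test.
# `\$ret` is escaped so the shell leaves it for Tcl, while the unescaped shell
# variables are substituted before expect reads the script.

expect <<EOF
# Try with missing path
spawn tss2 import --importData=$JSON_POLICY
set ret [wait]
if {[lindex \$ret 2] || [lindex \$ret 3] != 1} {
    send_user "Command has not failed as expected\n"
    exit 1
}
EOF

expect <<EOF
# Try with missing importData
spawn tss2 import --path=$DUPLICATE_POLICY
set ret [wait]
if {[lindex \$ret 2] || [lindex \$ret 3] != 1} {
    send_user "Command has not failed as expected\n"
    exit 1
}
EOF

# Parent key that will act as the duplication target. The empty authValue is
# a test-only setting (assumed to avoid an interactive password prompt).
tss2 createkey --path="$KEY_PATH_PARENT" --type="restricted, decrypt, noDA" \
    --authValue=""

# Export the parent without naming a new parent, then import the result under
# ext/ so it can be referenced as the public key of the new parent.
tss2 exportkey --pathOfKeyToDuplicate="$KEY_PATH_PARENT" \
    --exportedData="$EXPORTED_PARENT_KEY" --force

tss2 import --path="ext/$LOADED_KEY" --importData="$EXPORTED_PARENT_KEY"

# Key under test: created as exportable and bound to the duplication policy
# imported above.
tss2 createkey --path="$KEY_PATH" --type="noDa, exportable, decrypt" \
    --policyPath="$DUPLICATE_POLICY" --authValue=""

# Positive case: duplicate the key for the imported parent. This call also
# creates EXPORTED_KEY, which the last negative test depends on.
tss2 exportkey --pathOfKeyToDuplicate="$KEY_PATH" \
    --pathToPublicKeyOfNewParent="ext/$LOADED_KEY" --exportedData="$EXPORTED_KEY"

expect <<EOF
# Try with missing exportedData
spawn tss2 exportkey --pathOfKeyToDuplicate=$KEY_PATH \
    --pathToPublicKeyOfNewParent="ext/$LOADED_KEY"
set ret [wait]
if {[lindex \$ret 2] || [lindex \$ret 3] != 1} {
    send_user "Command has not failed as expected\n"
    exit 1
}
EOF

expect <<EOF
# Try with missing pathOfKeyToDuplicate
spawn tss2 exportkey --pathToPublicKeyOfNewParent="ext/$LOADED_KEY" \
    --exportedData=$EXPORTED_KEY
set ret [wait]
if {[lindex \$ret 2] || [lindex \$ret 3] != 1} {
    send_user "Command has not failed as expected\n"
    exit 1
}
EOF

expect <<EOF
# Try to fail command
spawn tss2 exportkey --pathOfKeyToDuplicate=$KEY_PATH \
    --pathToPublicKeyOfNewParent="ext/$LOADED_KEY" --exportedData=
set ret [wait]
if {[lindex \$ret 2] || [lindex \$ret 3] != 1} {
    send_user "Command has not failed as expected\n"
    exit 1
}
EOF

# Same arguments as the successful export above; presumably rejected because
# EXPORTED_KEY now exists and --force is not given.
expect <<EOF
# Try to fail writing to output
spawn tss2 exportkey --pathOfKeyToDuplicate=$KEY_PATH \
    --pathToPublicKeyOfNewParent="ext/$LOADED_KEY" --exportedData=$EXPORTED_KEY
set ret [wait]
if {[lindex \$ret 2] || [lindex \$ret 3] != 1} {
    send_user "Command has not failed as expected\n"
    exit 1
}
EOF

exit 0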